How SQUR works

This overview explains what happens end to end without exposing internal implementation details.

1. You define scope and access

  • Set the target URL or domain.
  • Use Find Scope to discover relevant URLs.
  • Choose scope permissions per URL and add optional credentials.
  • Accept consent before testing starts.

2. SQUR runs an autonomous pentest

  • The agent builds a plan from your scope.
  • Activity appears in Active Pentest as it progresses.
  • Safety checks and throttling reduce disruption.

3. Findings are generated with evidence

  • Findings appear in Remediation as they are discovered.
  • Each finding includes severity, evidence, and mitigation guidance.
  • Duplicates are linked to reduce noise.

4. You validate and update status

  • Review findings and update status with a reason.
  • SQUR verifies new findings for duplicates and reproducibility.
  • Status can move to AI accepted or AI rejected automatically.

5. You retest to verify fixes

  • Click Retest on a finding after applying a fix.
  • Watch the Retest Log for live verification updates.

6. Reports are generated

  • Choose a report level and generate the PDF.
  • Reports are available after the pentest completes.

Safety and data handling

  • SQUR respects your configured scope and permissions.
  • See Security for defenders for allowlisting, safety checks, and PII minimization.